K
Kwilio Scheduling
All articles
Security

How Kwilio Scheduling Keeps Your Employee Data Secure

When you sign up for a scheduling app, you hand over your employee roster, shift history, clock-in records, and pay rates. That information is sensitive, and how an app stores and protects it should be a first-class question — not an afterthought.

Here's exactly how Kwilio Scheduling handles your team's data.

Where Your Data Lives

Kwilio Scheduling is built around a secure cloud backend. The desktop and mobile apps are thin clients — they hold no database and no credentials of their own. Every piece of data flows through an authenticated API to a managed PostgreSQL database.

What that means in practice:

  • Encrypted in transit and at rest. All traffic between your apps and our backend runs over TLS, and your data is encrypted where it's stored.
  • Authenticated on every request. Each request carries a signed token. The server derives your identity and organization from that token — never from values the client sends — so requests can't be spoofed across accounts.
  • One organization can never see another's data. Every query is scoped to your organization on the server side.

Role-Based Access

Not everyone on your team should see everything. Kwilio enforces access by role, on the server — so it's a real security boundary, not just a hidden button in the UI:

  • Owner — full access to everything, including billing.
  • Manager — staff, shifts, and reports.
  • Scheduler — create and edit shifts and assignments.
  • Office — read-only access plus report exports.
  • Staff — the mobile app only: view their own shifts and clock in and out.

Pay rates, payroll settings, and admin tools stay invisible to staff. Removing someone from your organization revokes their access immediately.

A Full Audit Trail

Every meaningful change — schedule edits, clock-in/out events, and administrative actions — is written to an audit log. If you ever need to answer "who changed this shift, and when," the record is there.

Your Data Belongs to You

We act as a processor for your business data, not an owner of it:

  • We don't sell your data and we don't use it for advertising.
  • You can export your data from within the app at any time.
  • You can delete your account. When an owner requests deletion, we remove your organization's data from our production systems.

On-Device AI

The desktop app's AI shift parsing (on macOS) runs on your device using Apple Intelligence. When you paste or type rough shift notes and let Kwilio turn them into structured shifts, that text is processed locally — it isn't sent to our servers or any third-party AI service.

The Bottom Line

Good security isn't about a vague promise. It's about being specific: your data is encrypted, access is scoped to roles and enforced on the server, every change is logged, and you can take your data with you whenever you want. That's the standard Kwilio Scheduling is built to.

Ready to try Kwilio Scheduling?

On Mac and mobile, synced through a secure, encrypted cloud.

See pricing →